Supervising the Network
3-11
Managing the NetWare Services File System
File Access Control
Using NetWare Only for File Access Control
When “NetWare” is selected as the mode for file access control, rights
checking is the same as it is on native NetWare. NetWare Services checks
that the user has NetWare rights to the file or directory and that the NetWare
file and directory attributes allow the action. Figure 3-2 illustrates this
process.
Figure 3-2 NetWare Security Checks
If NetWare is the access control mode, the HP-UX permission bits are not
checked at all. For client access, if files owned by Root are placed in the
NetWare volume and NetWare rights allow the user to access the file, the
user is allowed access.
NOTE: Remember that if the access control mode is NetWare, HP-UX file ownership and
permissions are meaningless. HP-UX users creating files in NetWare volulmes may
allow NetWare clients unintended access.
Trustee Rights
NetWare must calculate a user’s effective rights, or rights the user can
exercise, to each file and directory. This is because effective rights are
determined by a combination of the Inherited Rights Filter, trustee
assignments, and security equivalences.
The following basic rules are used:
1 NetWare Services compiles a list of object IDs for the user and the user’s
equivalencies (groups and other users).
Deny
access
yes
yes
no
Deny
access
no
Grant
access
Has
trustee rights?
Attributes
okay?
Start here